: Cache HTTPS + SSL A lot of resources claim that websites with HTTPS + SSL will not be cached. Is this true? If so, why? If so, can this be prevented? I heard that this depends on the browser,
A lot of resources claim that websites with HTTPS + SSL will not be cached.
Is this true?
If so, why?
If so, can this be prevented?
I heard that this depends on the browser, but that the most browsers won't cache HTTPS.
More posts by @Courtney195
1 Comments
Sorted by latest first Latest Oldest Best
Yes, HTTPS content is cacheable.
Historically, authenticated or content obtained via HTTPS may not have been cached by the browsers. This was never a technical requirement but thought as a good security practice. For example, Firefox used to cache HTTPS content only in memory. However, as the use of HTTPS increased, caching SSL enabled content to the disk became default.
The important thing is to set Cache-control headers. Google has a good article on HTTP caching. I recommend you review it.
You can use curl -I at the command line to check cache headers:
curl -I google.com HTTP/1.1 200 OK
Date: Thu, 11 Sep 2014 13:54:52 GMT
Expires: -1
Cache-Control: private, max-age=0
Or there are online tools like redbot.org
I highly recommend setting Cache-Control headers are on all content. I also recommend setting explicit headers, such as max-age.
With the increasing use of mobile, CDNs, content acceleration providers, users are often connecting via some sort of proxy. So you want to assure you have good cache policies so these proxies no how to handle your content.
In the example above, you will see private. Historically, some user-agents would not cache data to disk when this directive is in place, but this practice is changing as well.
For a detailed review of this, please see this 2013 report:
Industry-Wide Misunderstandings of HTTPS
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.